This marks the 6th edition of the International Workshop on Engineering and Cybersecurity of Critical Systems (EnCyCriS) at the ICSE conference.
For industrial critical systems, although the previous premises of increasing system interconnectivity, decentralization, and introduction of new, more intelligent technologies still hold true, there is an increased societal awareness with regards to cybersecurity. This has led to clearer regulation, sharper requirements, and higher expectations for industry. At the same time, the availability of readily deployable competence, methods, tools, and solutions is lacking, which should be considered a critical societal risk.
In the current international political climate, cyber security, and safety of critical infrastructures across industry, are more important than ever before. The EnCyCriS workshop facilitates discourse and discussion amongst researchers, practitioners, and students who are working on challenges and solutions related to industrial critical infrastructure. It has a particular focus on sharing industry experience and project results pertaining to cyber threats on critical systems, secure systems engineering, and attack detection and response mechanisms.
Previous editions
- EnCyCriS/SVM 2024 was co-located with ICSE 2024
- EnCyCriS 2023 was co-located with ICSE 2023.
- EnCyCriS 2022 was co-located with ICSE 2022.
- EnCyCriS 2021 was co-located with ICSE 2021.
- EnCyCriS 2020 was co-located with ICSE 2020.
Sat 3 MayDisplayed time zone: Eastern Time (US & Canada) change
07:00 - 17:00 | |||
09:00 - 10:30 | |||
09:00 5mDay opening | Workshop Opening EnCyCriS Coralie Esnoul Institute For Energy Technology (IFE) | ||
09:05 55mKeynote | Keynote: Cyber operations at the speed of trust - by Colonel (Retired) Daniel Blanc EnCyCriS | ||
10:00 20mPaper | Engineering Out Industry 4.0 Cyber Risk EnCyCriS Benjamin Lampe Idaho National Laboratory, Patience Yockey Idaho National Laboratory, Virginia Wright Idaho National Laboratory | ||
10:20 10mOther | Group Picture EnCyCriS | ||
10:30 - 11:00 | |||
10:30 30mBreak | Saturday Morning Break Catering | ||
11:00 - 12:30 | |||
11:00 20mPaper | Cyberspace Vigilante or Security Sleuth: Understanding Who Threat Hunters Are EnCyCriS Samantha Hill University of Victoria, Alessandra Maciel Paz Milani University of Victoria, Callum Curtis University of Victoria, Arty Starr University of Victoria, Enrique Larios Vargas University of Victoria, Marcus Dunn University of Victoria, Margaret-Anne Storey University of Victoria | ||
11:20 20mPaper | Enhanced Detection of Code Vulnerability with Synergy between Data-Driven, Rule-Based and Unsupervised Learnings EnCyCriS Hibah Mohammed Ghouse Hubspot, Samiha Shimmi Northern Illinois University, Mona Rahimi Northern Illinois University | ||
11:40 20mPaper | Evaluating the Integration of Aurora zkSNARK in the Zupply Framework EnCyCriS | ||
12:00 30mPanel | Panel based discussions and open questions - morning session EnCyCriS | ||
12:30 - 14:00 | |||
13:15 45mLunch | Saturday Lunch Catering | ||
14:00 - 15:30 | |||
14:00 20mPaper | RANDART: A Hybrid Approach Leveraging File Traps and Registry Monitoring to Thwart Crypto Ransomware on Windows Endpoints EnCyCriS P. Mohan Anand Indian Institute of Technology Kanpur, India, P.V. Sai Charan New York University, USA, Hrushikesh Chunduri Indian Institute of Technology Kanpur, India, Sandeep K. Shukla Indian Institute of Technology Kanpur | ||
14:20 20mPaper | Static Analysis of IoT Firmware: Identifying Systemic Vulnerabilities with RMMIDL EnCyCriS | ||
14:40 45mPanel | Panel based discussions and open questions - afternoon session EnCyCriS | ||
15:25 5mDay closing | Workshop Closure EnCyCriS Coralie Esnoul Institute For Energy Technology (IFE) | ||
15:30 - 16:00 | |||
15:30 30mBreak | Saturday Afternoon Break Catering | ||
Accepted Papers
Call for Papers
EnCyCriS invites contributions from research scholars and practitioners working on challenges and solutions for engineering and cybersecurity of critical software-based systems on the following topics:
- Practical safety and security co-engineering – challenges and solutions for critical infrastructure and industrial software-intensive systems.
- Threat and vulnerability identification and impact estimation to respond to adverse cyber events, using models, simulations, and digital twins.
- The role, impact, and unsolved challenges of human, technological and organizational participants in the cybersecurity of critical infrastructures and complex sociotechnical systems.
- Systems and software development - the impact and importance of human factors on the cyber resilience of operational technology and information technology systems and infrastructures.
Topics are not limited to those listed above; all relevant papers will be considered. We accept position, research, and industrial experience papers. We highly value industrial experience and lessons learned, including academic papers with industrially applied research artefacts. This workshop facilitates discourse and discussions among researchers, practitioners, and students who are working on challenges and solutions related to the 4th industrial revolution, with a particular focus on sharing industry experience and project results pertaining to cyber threats on critical systems; secure software engineering; and attack detection and response mechanisms. We highly value industrial experience and lessons learned, and academic papers where research artefacts have been applied in an industrial context.
Submission
We accept submission of research papers of 8 pages maximum length as well as position papers & short papers of 4 to 6 pages length, and industry experiences and challenges papers of 4 to 6 pages. The paper format of the Workshop’s paper must follow the IEEE formatting guidelines. Paper Submission Webpage: https://encycris-2025.hotcrp.com/
UPDATE: submission extended until November 20th.
Backgrounds
With the aim of further strengthening the relevance of cybersecurity research for critical infrastructures, whilst being relevant and useful to industry, the following workshop research objectives are suggested:
- Integrated safety and security software engineering processes and methods for critical infrastructures that enable coordination among different stakeholders, including several teams and personnel with different competencies, and continuous integration of new and emerging technologies.
- Threat landscape for digital systems’ software in critical infrastructure and the modelling of cyber-attack scenarios for digital systems’ architecture and inter-dependencies. This includes accurate software architecture design model specifications that facilitate cybersecurity and Reliability, Availability, Maintainability and Safety (RAMS) assessment. Models should support effective communication of threats, vulnerabilities, risks, and potential mitigations to relevant stakeholders to support decision-making.
- The role and impact of black and grey-box technologies such as AI, machine-learning algorithms, off-the-shelf components (COTS), and supply chain elements, including third party services, on the cybersecurity of critical infrastructures. How do we estimate and handle the vulnerabilities potentially introduced by black-box technologies to achieve and maintain acceptable levels of risk throughout the life cycle of software, components, systems and solutions? How do we enable and empower stakeholders to address emerging threats and developing vulnerabilities more dynamically, with the aim of achieving greater resilience?
- The applications of digital twins, Artificial Intelligence (AI), Hardware-In-the-Loop test beds, simulators and/or emulators, and algorithms developed for cyber security purposes in critical infrastructures, especially to understand the consequences of a cyber-attack at an overall system level. Evaluate the effectiveness of the risk models, detection and response tools, and/or methods developed.
- The impact and importance of human factors in critical infrastructures systems and software development and operations, throughout the lifecycle of critical systems. How to prepare stakeholders such as developers, system operators and organizations to best handle unforeseen and unpredictable adverse cyber situations and events? How to overcome shortcomings in existing tools, methods, competence, and standards and regulations when planning and implementing cyber security response mechanisms and solutions.
The workshop topical areas
- Practical safety and security co-engineering - challenges and solutions for critical infrastructure and industrial software-intensive systems.
- Threat and vulnerability identification and impact estimation for response of cyber effects on software and hardware of critical infrastructures using models, simulations, and digital twins.
- The role, impact, and unsolved challenges of human, technology and organization in cybersecurity of critical infrastructures and complex socio-technical systems.
- Systems and software development - the impact and importance of human factors on the cyber resilience of operational technology and information technology systems and infrastructures.
The topics given above serve as guidance for the focus of the workshop and should not be seen as absolute. Adaptations to the workshop may be expected depending on the paper contributions and participants’ profiles.
| Sat 3 May 2025 Workshop Session |
| Wed 5 Feb 2025 Workshop Papers Camera Ready |
| Mon 9 Dec 2024 Workshop Papers Acceptance Notification |
| Wed 20 Nov 2024 Workshop Papers Submission Deadline |
Sridhar Adepu
University of Bristol
Sang Kil Cha
KAIST
South Korea
hans De Haan
Think beyond tomorrow
Roberto Filippini
EBG MedAustron
Austria
Ryan Gerdes
Virginia Tech
Denis Gracanin
Virginia Polytechnic Institute and State University
United States
Poul Einar Heegaard
Norwegian University of Science and Technology NTNU
Norway
Milan Lopuhaä-Zwakenberg
University of Twente
Nadia Saad Noori
University of Agder (UIA)
Kanna Sekar
Google
United States
Espen nystad
Institute For Energy Technology (IFE)
Norway